CVE-2025-38531
BaseFortify
Publication date: 2025-08-16
Last updated on: 2026-04-27
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | 6.16 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-908 | The product uses or accesses a resource that has not been initialized. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the use of uninitialized device structures in the st_sensors driver. Specifically, the device structure (indio_dev->dev) is used before it is properly initialized in various probe functions. This leads to a kernel panic in the function st_sensors_power_enable() when devm_regulator_bulk_get_enable() fails and subsequently calls dev_err_probe() with the uninitialized device. The panic occurs only with dev_err_probe(), while other error logging functions like dev_err(), dev_warn(), and dev_info() do not cause a panic but were also fixed.
How can this vulnerability impact me? :
This vulnerability can cause a kernel panic, which results in the Linux system crashing or becoming unstable when the affected driver encounters an error condition. This can lead to denial of service, system downtime, and potential data loss or interruption of services relying on the affected hardware sensors.